SQL注入点自动化利用测试工具—shoryuken

phper 2013-02-20 105732人围观 ,发现 2 个不明物体 工具

仅用于安全研究/教学演示之用,禁止非法用途!

shoryuken是一款linux bash工具,可以对存在SQL注入漏洞的主机(且未站库分离)进行自动化利用测试,简化了繁琐的手工操作。值得一提的是,由于适用于注入点的渗透测试,这个工具可能需要应用具有较高的数据库权限(SA or System)。

视频地址(需翻墙)

选项

-h help
-i interactive mode
-p direct punch
-t test mode
-l test from list

实例

./shoryuken1.1 -i
./shoryuken1.1 -p "192.168.0.2/test.asp?id=1"
./shoryuken1.1 -p "vuln-site.net/home/news.php?info=text&vuln_param=11230"
./shoryuken1.1 -t "www.example.com/page.php?name=john"
./shoryuken1.1 -l mytargets.txt results.txt"

特点

- Very simple to use;
- Very small (just 8k) e portable;
- Can be easily used in tiny linux systems like mobile ones;
- Pwns MySQL and MSSQL systems at once;
- Doesn't need to download/upload anything to target;
- Doesn't need an extra open port on machine or firewall;
- Can be easily used when pivoting over linux machines;
- Minimum footprinting in Test Mode (1 request);
- Auto cleaning (except for logs);
- Impressive hacking to people that lacks hacking/security knowledge.

下载地址

发表评论

已有 2 条评论

取消
Loading...
css.php